DDD Ltd Privacy Notice
DDD Limited (hereafter referred to as “DDD”) is a private limited company which was incorporated on the 16th of March 1912.
Our business focus is on making health and beauty products. Over the years DDD has evolved into a group of companies: Fleet Laboratories, Dendron and Trinity Scientific, and DDD International, each run as a separate business unit, working together to deliver services to their partners.
Maintaining the security of your data is a priority for DDD, and we are committed to respecting your privacy rights.
This policy provides you with information about:
• How we use your data
• What personal data we collect
• How long we retain your personal data
• How we ensure your privacy is maintained; and
• Your legal rights relating to your personal data
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how DDD uses your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us. Our contact details are at the bottom of this notice.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish. The month this privacy notice was last updated is found towards the bottom of this notice.
EXPLAINING THE LEGAL BASIS WE RELY ON
We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
We will use your personal data to ensure that your complaint and/or ADR is handled accurately, promptly and appropriately.
For example, we will use your address details to send you a method of returning faulty products to us.
HOW WE USE YOUR INFORMATION
This privacy notice tells you how we, DDD, will collect and use your personal data for processing general queries, product and general complaints, and Adverse Drug Reaction (ADR) issues.
HOW LONG WILL DDD RETAIN MY PERSONAL DATA?
We will not retain your personal data for longer than is necessary for the purposes set out in this policy. Different retention periods apply for different types of data:
Queries – your personal data may be retained for up to 30 days from resolution of the query
Complaints and ADRs – your personal data may be retained for up to 15 years in accordance with the Human Medicines Regulation (HMR) 2012
WHY DOES DDD NEED TO COLLECT AND STORE MY PERSONAL DATA?
For us to resolve your query/complaint appropriately and accurately we need to collect personal data for correspondence purposes and/or detailed service provision.
In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
In terms of being contacted for marketing purposes DDD would contact you for additional consent.
HOW WILL DDD KEEP MY PERSONAL DATA SECURE?
DDD is committed to keeping your personal data safe and secure.
Our security measures include:
• Data encryption
• Internal policies setting out our data security approach and training for employees
• Security controls which protect the entire DDD IT infrastructure from external attack and unauthorised access
WILL DDD SHARE MY PERSONAL DATA WITH ANYONE ELSE?
Within the DDD Group of companies, we may pass your personal data on to Dendron Ltd (our Distribution and Marketing division) and/or Fleet Labs Ltd (our manufacturing and quality division).
If we are required to send information to the product license holder, we will remove or anonymise any personal data.
If your case needs to be referred to the Medicines and Healthcare products Regulatory Agency (MHRA), we will only transfer generic health data related to the complaint or ADR and will not transfer your personal data.
HOW WILL DDD USE THE PERSONAL DATA IT COLLECTS ABOUT ME?
DDD will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
DDD is required to retain information in accordance with the law. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
UNDER WHAT CIRCUMSTANCES WILL DDD CONTACT ME?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
You have the following rights:
• The right to ask for a copy of personal data that we hold about you (the right of access);
• The right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
• The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
• The right to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
• The right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
• The right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
If we choose not to action your request, we will explain to you the reasons for our refusal.
WHAT FORMS OF ID WILL I NEED TO PROVIDE IN ORDER TO ACCESS THIS?
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act. DDD accepts the following forms of ID when information on your personal data is requested:
• Driving licence
• Birth certificate
• Utility bill (from last 3 months)
DOCUMENT OWNER AND APPROVAL
DDD’s GDPR Representative is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.
CONTACTING THE REGULATOR
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to https://ico.org.uk/make-a-complaint/ (opens in a new window; please note we can’t be responsible for the content of external websites)
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact our Data Protection Team who will be pleased to help you:
Call us: 01923 229251
Email us: email@example.com
Or write to us at:
GDPR, DDD Ltd, 94 Rickmansworth Road, Watford, Herts, WD18 7JJ
WHEN WAS THIS PRIVACY NOTICE LAST UPDATED?
This policy was last updated in May 2018.